The user will be null if you are in an unprotected resource, EVEN if you are authenticated.
Regards,
Brian K Bonner wrote:
Hello,
I'm seeing something weird with 4.1.24. If I access an unprotected resource after I am authenticated, I receive null from getUserPrincipal(). I am using the Coyote Http 1.1 connector, although I've tried it with the old catalina Http 1.1 connector.
Here's the test case:
1) access the unprotected servlet first you'll see "testing unprotected servlet. user is null" using either: http://localhost:8083/testing/unprotected or http://localhost:8080/testing/unprotected
2) access the protected servlet, you'll be challenged with the basic auth dialog and then see: "testing protected servlet. user is GenericPrincipal[tomcat]" using either: http://localhost:8083/testing/protected or http://localhost:8080/testing/protected
3) access the unprotected servlet, I still see: "testing unprotected servlet. user is null" access it the same as in #1
This should return the same as #2, but it doesn't. Can someone explain why? And how can I work around this problem? I've been searching on the web, but www.mail-archive appears to be down.
Brian
Using Tomcat 4.1.24 standalone with the memory realm.
Here's my abbreviated conf/tomcat-users.xml:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="editor"/>
<user username="tomcat" password="tomcat" roles="editor"/>
</tomcat-users>
The get methods of my two servlets (protected and unprotected)
unprotected servlet's doGet:
PrintWriter out = res.getWriter();
out.println("testing unprotected servlet");
out.print("user is ");
Principal p = req.getUserPrincipal();
out.print(p);
protected servlet's doGet:
PrintWriter out = res.getWriter();
out.println("testing protected servlet");
out.print("user is ");
Principal p = req.getUserPrincipal();
out.print(p);
Here's my web.xml file:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<display-name>testing</display-name>
<description>Test Unsecured Pages App</description>
<servlet>
<servlet-name>protected</servlet-name>
<servlet-class>com.paraware.test.TestServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>unprotected</servlet-name>
<servlet-class>com.paraware.test.TestServlet2</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>protected</servlet-name>
<url-pattern>/protected</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>unprotected</servlet-name>
<url-pattern>/unprotected</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Servlets</web-resource-name>
<description>Files secured for testing</description>
<url-pattern>/protected</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>Editors</description>
<role-name>editor</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<description>Page Editors</description>
<role-name>editor</role-name>
</security-role>
</web-app>
And from the server.xml:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="100" debug="4" connectionTimeout="20000" useURIValidationHack="false" disableUploadTimeout="true" />
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8009" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="0" useURIValidationHack="false" protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8083" minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="8443"
acceptCount="10" debug="0" />
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
